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DETAILED ACTION 
Response to Amendment 

This office action is in response to amendment filed on 04/05/07. The amendment filed 
on 04/05/07 have been entered and made of record. Therefore, presently pending claims are 1-2, 
4, 7-21,23,25-41. 

Response to Arguments 

Applicant's arguments filed 04/05/07 have been fully considered. 

Applicant argued that Challener does not disclose or suggest a method having the 
anonymous, one-to-one mapping, as amended, because Challener does not teach the reversible 
mapping. This is not found persuasive. The applicant does not claim reversible mapping. The 
one-to-one mapping shown in Challener is the mapping of the voter information with the 
mapping of the id to the vote. 

The applicant argued further that Mital, Shamir, and Schneier do not disclose one-to-one 
mapping. This is found persuasive because Challener teaches this limitation. 

The applicant argues further that Mital and Shamir do not suggest or teach authenticating 
with a communications module. This is persuasive because Schneier teaches this limitation. 

The applicant argues further that Schneier does not teach two parties authenticate each 
other with the communication module. This is not found persuasive. In the Dass protocol, 
Schneier teaches Alice and Bob authenticating using Trent, wherein Alice corresponds to the 
sender, Bob corresponds to the receiver, and Trent corresponds to the communication module. 
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Due to the arguments provided above, the rejection of the independent, provided below, 
claims is maintained. The dependent claims are rejected at least by their dependence on the 
independent claims and further for the reasons given below. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-2, 7-8, 16-19, 20-21, 25-30, 34-37, and 40-41 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Challener (6,081,793) in view of Mital (5,903,652) and further 
in of the article by Shamir ("How to Share a Secret'') and further in view of the book by Schneier 
("Applied Cryptography"). 

In reference to claims 1 and 20, a communication module for establishing a 
communication connection between a sender of one working data identifier set domain and a 
receiver in a different working data identifier set domain (Fig. 1); a mapping module coupled to 
the communication module for anonymously mapping working data of the one working data 
identifier set domain to working data of the different working data identifier set domain, the 
working data having (i) a research data portion and (ii) an identifier portion related to identifying 
persons associated with the research data portion (column 7 lines 1-37). the mapping module 
mapping the identifier portion of the working data in the one working data identifier set domain 
to the identifier portion of the working data in the different working data identifier set domain 
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such that the working data transmitted to the authorized receiver is anonymous data, while 
leaving the research data portion unmapped by the anonymous mapping of the identifier portions 
(authentication server Fig. 7 and column 7 lines 50-67); and a secret sharing module for 
performing secret sharing to control key holder access to the mapping module (parts 379, 391, 
439 Fig. 7); the apparatus communicating between parties comprising at least the sender (part 
225 Fig. 1 A) and the receiver (part 229 Fig. 1 A) in at least two different working data identifier 
set domains (column 7 lines 38-67 in combination with column 8 lines 45-52). 

The applicant does not define working data identifier set domain. The definition of 
working data identifier set domain is data that devices process that are divided into sets. 
Although Challener does not describe that data that is processed by the authentication server and 
the results server as working data identifier set domain, the data sets that the authenticator and 
the results server process are different sets of data. The authenticator processes that 
identification data and the results server processes that ballot. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to describe the data processed by the authentication server and the results server of 
Challener as working data identifier sets. One of ordinary skill in the art would have been 
motivated to do this because the data revealed to the different servers in system of Challener is 
separated by encryption so that the voter cannot be identified from their ballot (column 10 line 
51-67). 

Although Challener discloses transmitting anonymously mapped identifier portion and 
the unmapped research data portion of the working data to the receiver, the mapping module of 
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Challener is not capable of accessing both the identifier portion and the research data portion of 
the working data. 

Mital discloses a system wherein the communication module is capable of transmitting 
both the anonymously mapped identifier portion and the unmapped research data portion of the 
working data to the receiver (column 7 line 65 column 8 line 14). The system of Mital further 
discloses that the mapping module is capable of accessing both the identifier portion and the 
research data portion of the working data (column 27 lines 54-61 ). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to make the mapping module capable of accessing both the identifier portion and 
the research data portion of the working data as in Mital and therefore allowing the viewing of 
data, but disallowing access using encryption in the system of Challener. One of ordinary skill in 
the art would have been motivated to do this because it would provide access to portions of 
information that are required by specific users while denying access by use of encryption to data 
that requires hiding from certain users. 

Although Challener teaches encryption and therefore the use of keys, Challener does not 
disclose a predetermined number of keyholders greater than one is required d to compromise 
access to the mapping module. 

Shamir teaches a hot to divide data into n pieces in such a way that the data is easily 
reconstructable from any k pieces, but even complete knowledge of k-1 pieces reveals absolutely 
no information about D (abstract). The method is an efficient threshold scheme for the 
management of keys. Therefore Shamir teaches a method for sharing a predetermined number of 
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keyholders greater than one is required d to compromise access to the mapping module (page 
612). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to divide the key into different shares for multiple key holders as in the process 
taught by Shamir in the system of Challener. One of ordinary skill in the art would have been 
motivated to do this because the scheme is ideally suited to application in which a group of 
mutually suspicious individuals with conflicting interests must cooperate (Shamir page 612). 

Challener does not disclose a mutual authentication system wherein the communication 
connection is a secure communication channel formed by the communication module (i) 
authenticating the sender and receiver, resulting in an authorized sender and authorized receiver, 
and (ii) encrypting working data transmitted over the channel, 

In reference to claims 2 and 21, a system is disclosed wherein the research data portion 
of the working data includes personal data of individuals (column 7 lines 1-10 and 55-60). 

In reference to claims 7 and 25. Challener discloses permanent storage means for storing 
data in a tamper-proof manner (Fig. 1C and Fig. 7). 

In reference to claims 8 and 26, wherein the permanent storage means encrypts non- 
queried parts of the data, said encryption using an encryption key, and the secret sharing module 
storing the encryption key (part 377 Fig. 7). 

In reference to claims 16 and 34, wherein connection of the sender and receiver are 
respectively one of a software implementation and a human being. 

Although Challener discloses the sender being a software implementation (authentication 
server has software running on it), Challener does not disclose the receiver being a human being 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to send the ballots of Challener to a human being. One of ordinary skill in the art 
would have been motivated to do this because the human being would have interest in the results 
of the ballot for voting purposes. 

In reference to claims 1 7 and 35 \ wherein connection of the sender and receiver is in 
respective different sessions. 

Although Challener discloses the sender and the receiver viewing different forms of the 
information, Challener does not expressly disclose the sender and the receiver connection is in 
respectively different sessions 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to connect the receiver and sender in different session. One of ordinary skill in the 
art would have been motivated to do this because the receiver is interested in the result of the 
ballot and therefore connection of the receiver is advantages after the voting has occurred and 
therefore in a separate session. 

In reference to claims 18 and 36, wherein the communication module further enables 
communication connection by a supervisor in addition to the sender and receiver (part 227 Fig. 
1A). 

In reference to claims 19 and 37 wherein the communication connection by the 
supervisor enables remote operation of the apparatus by the supervisor (Fig. 1C). 

In reference to claims 40-4 J wherein the working data is formed of plural records, each 
record comprising (i) a research data portion and (ii) an identifier portion related to identifying . 
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an individual person associated with the research data portion, the individual person being the 
same person across each record of the plural records. 

The vote of Challener can be increased to include more data. Therefore At the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to 
increase the data provided in the section for the vote. One of ordinary skill in the art would have 
been motivated to do this because the amount of data required by a system depends on the type 
of system. 

Claims 4, 9-12, 23, 27-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Challener and further in view of Mital and Shamir and Stallings as applied to claims 1 and 20 
above, and further in view of Schneier, 

In reference to claim 4 and 23, a system is disclosed wherein the mapping module 
employs encryption in the mapping of working data in the domain to working data in the 
different domain such that the working data transmitted to the authorized receiver is anonymous 
data (column 6 lines 14-59). 

In reference to claims 9 and 27, Challener does not expressly disclose a system wherein 
the permanent storage means employs digital signatures on queried parts of the data to detect 
changes in data and thereby prevent tampering. 

Schneier discloses.a system of blind signatures where the document is signed and the 
person does not know what they are signing (pages 112-114). Digital signatures are used to 
detect changes in the data. 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use blind signatures as in Schneier in the system of Challener. One of ordinary 
skill in the art would have been motivated to do this because the person that signed the document 
can verify that they signed it, but will not know the contents of the document. 

In reference to claims 10 and 28, Challener discloses the concatenation of the encryption 
key and data (column 5 lines 42-54), however Challener does not disclose digital signature is 
formed from a message digest. 

Schneier discloses generating a message digest using a one-way hash and then signing 
the message digest (pages 38-39). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to sign a message digest as in Schneier in the system of Challener, One of 
ordinary skill in the art would have been motivated to do this because it is a increases the speed 
of signing documents. 

In reference to claims 11 and 29, Challener does not disclose a system wherein the 
permanent storage means maintains a summary measure of stored data 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain a summary measure of stored data in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because it enable the reconstruction 
of data in the case of corruption of the original. 

In reference to claims 12 and 30, Challener does not disclose a system wherein said 
summary measure has a respective digital signature. 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain a summary measure of stored data that has a digital signature in the 
system of Challener. One of ordinary skill in the art would have been motivated to do this 
because it would enable the detection of changes to the summary measure. 

Claims 13-15, 31-33, and 38 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Challener and further in view of Mital and Shamir and Stallings as applied to claims 1 and 
20 above, and further in view of Ansell et al (6,151,631). 

In reference to claims 13 and 31, Challener does not expressly disclose storing a mapping 
table having cross-references between identifier portions of working data of the two domains 

However Ansell discloses storing a mapping table (fig. 13 part 1306). the mapping table 
having cross-references between identifier portions of data of different domains (fig. 13 parts 
1302 and 1304) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain mapping tables as in Ansell in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because a mapping table organizes 
the information in a convenient manner. 

In reference to claims 14, 32, and 38, Challener does not disclose a system wherein the 
mapping module stores a mapping table for plural domains, the mapping table being formed of 
(i) an index section and (ii) a working reference section, the index section indicating identifier 
portion of working data in a first subject domain and the working reference section indicating 
corresponding identifier portion in a second domain, the working reference being encrypted, 
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such that the mapping module performs decryption on a part of the mapping table to determine 
usable cross reference of the working data. 

However Ansell discloses a system wherein the mapping module stores a mapping table 
for plural domains (Fig. 13 part 1306), the mapping table being formed of (i) an index section 
and (ii) a working reference section, the index section indicating identifier portion of working 
data in a first subject domain and the working reference section indicating corresponding 
identifier portion in a second domain, the working reference being encrypted, such that the 
mapping module performs decryption on a part of the mapping table to determine usable cross 
reference of the working data (Fig. 3), 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain mapping tables as in Ansell in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because a mapping table organizes 
the information in a convenient manner. 

In reference to claims 15 and 33, Challener does not disclose a system wherein the 
mapping module maps working data among plural domains. 

Ansell disclose a system wherein the mapping module maps working data among plural 
domains (Fig, 13 part 1306). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to maintain mapping tables as in Ansell in the system of Challener. One of 
ordinary skill in the art would have been motivated to do this because a mapping table organizes 
the information in a convenient manner. 
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Claim 39 is rejected under 35 U.S.C. 103(a) as being unpatentable over Challener in 
view of Mital in view of the article by Shamir and further in view of Schneier as applied to claim 
1 above, and further in view of Coss et al (EP 0 909 074 Al). 

Challener discloses a system with a secure container (part 30 in Fig. 1); a computer 
system executing the communication module and the mapping module (part 30 in Fig, 1). 

However Challener does not disclose a firewall coupled to the computer system, the 
firewall being housed by the secured container so as to provide tamper-proof hardware. 

Coss discloses a system with a firewall with the capability for supporting multiple 
domains (Page 4 paragraph 0025), Firewalls include tamper-proof hardware by definition. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include a firewall capable of supporting multiple domains as in Coss in the 
system of Challener. One of ordinary skill in the art would have been motivated to do this 
because firewalls prevent unauthorized access in computer networks. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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